Netlogon service debug logging
Enable Netlogon logging for account lockouts on the source DC
First enable Netlogon debug logging on the source DC (the DC that recorded the lockout; every bad-password attempt is also forwarded to the PDC emulator, so that is the usual place to start) and review the log around the lockout time. The entries show the system or server the failed logons came from, by name or IP address.
- Open an elevated command prompt (Run as administrator)
- Run the following command to turn on verbose Netlogon logging:
- Nltest /DBFlag:0x2080FFFF
- Then restart the Netlogon service so the new flag takes effect:
- net stop netlogon
- net start netlogon
Wait for the next lockout, then open %windir%\debug\netlogon.log and review the entries around the lockout time. The log rolls over to netlogon.bak when it reaches its maximum size (20 MB by default), so check both files if the lockout happened a while ago.
Further Analysis to trace the lockout system
Sometimes the Netlogon log on the first DC points to another DC or server rather than to a client. In that case enable Netlogon logging on that DC/server as well and review its log in the same way, repeating until you reach the source of the lockout.
In my experience, a sample account lockout scenario looks like this:
- The child domain DC shows the root domain DC
- The root domain DC shows the trusted domain DC
- The trusted domain DC shows a different DC in the same domain
- That DC in turn shows the Exchange server
- The Exchange server shows the handheld device's IP
All you have to do is follow the chain: enable Netlogon logging on each host the previous log names, until you reach the actual system that is causing the lockouts.
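The following PowerShell script is an added example and is not part of the original page. It does the manual "review the log" and "find the next hop" steps above in code: it filters Netlogon debug log lines for one account, keeps only wrong-password (0xC000006A) and locked-out (0xC0000234) results, and lists the hosts on which to enable Netlogon logging next. The function names, the host names and the log lines are constructed for this example; real entries differ slightly between Windows versions but keep the "logon of DOMAIN\user from HOST (via HOP) Returns 0x..." shape.

```powershell
# Added example, not code from the original page.
# Parses Netlogon debug log lines for one account, keeps failed-password and
# locked-out results, and reports where each attempt came from and which host
# forwarded it, so you know where to enable Netlogon logging next.

function Get-NetlogonFailure {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [Parameter(Mandatory)] [string]   $SamAccountName
    )
    # NT status codes that matter for lockout tracing:
    #   0xC000006A STATUS_WRONG_PASSWORD     - counts toward the lockout threshold
    #   0xC0000234 STATUS_ACCOUNT_LOCKED_OUT - the account is already locked
    $StatusNames = @{
        '0xC000006A' = 'WRONG_PASSWORD'
        '0xC0000234' = 'ACCOUNT_LOCKED_OUT'
    }
    $Pattern = '^(?<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) .*logon of (?<dom>[^\\ ]+)\\(?<user>\S+) from (?<from>\S+)(?: \(via (?<via>[^)]+)\))? Returns (?<code>0x[0-9A-Fa-f]+)'

    foreach ($line in $Lines) {
        if ($line -notmatch $Pattern) { continue }                      # "Entered" lines and noise
        if ($Matches.user -ne $SamAccountName) { continue }
        if (-not $StatusNames.ContainsKey($Matches.code)) { continue }  # e.g. 0x0 = success
        [pscustomobject]@{
            Time   = $Matches.ts
            User   = "$($Matches.dom)\$($Matches.user)"
            From   = $Matches.from   # workstation name or address the client supplied (a lead, not proof)
            Via    = $Matches.via    # server that forwarded the request; empty if it came directly
            Status = $StatusNames[$Matches.code]
        }
    }
}

function Get-NextHop {
    param([Parameter(Mandatory)] [object[]] $Failures)
    # If the entry was forwarded, the next log to read is on the "Via" host;
    # otherwise the "From" host is the client itself.
    $Failures |
        ForEach-Object { if ($_.Via) { $_.Via } else { $_.From } } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'EnableLoggingOn'; e = { $_.Name } }, Count
}

# Constructed sample of %windir%\debug\netlogon.log content (not a real capture).
$SampleLog = @'
12/12 09:01:05 [LOGON] [2744] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from WKS-42 (via DC-CHILD01) Entered
12/12 09:01:05 [LOGON] [2744] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from WKS-42 (via DC-CHILD01) Returns 0xC000006A
12/12 09:01:07 [LOGON] [2744] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from 10.20.30.40 (via EXCH01) Returns 0xC000006A
12/12 09:01:09 [LOGON] [2744] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from 10.20.30.40 (via EXCH01) Returns 0xC0000234
12/12 09:02:00 [LOGON] [2744] CONTOSO: SamLogon: Network logon of CONTOSO\asmith from WKS-07 Returns 0x0
'@

$failures = Get-NetlogonFailure -Lines ($SampleLog -split "`r?`n") -SamAccountName 'jdoe'
$failures | Format-Table -AutoSize
Get-NextHop -Failures $failures | Format-Table -AutoSize

# On a live DC replace $SampleLog with the real files:
#   Get-Content "$env:windir\debug\netlogon.log", "$env:windir\debug\netlogon.bak"
```

With the sample above, Get-NextHop lists EXCH01 (2 failures) and DC-CHILD01 (1 failure), which is exactly the chain the section describes: the next step is to enable Netlogon logging on EXCH01 and repeat. The "From" value is whatever workstation name or address the client put in the request, so treat it as a lead to confirm on the next hop rather than as proof of the source.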
Disable debug logging (restart the Netlogon service afterwards, as above; the existing netlogon.log is kept)
Nltest /DBFlag:0x0
activedirectory/logondienstdebug.txt · Last modified: 2017/12/12 11:57 by ronny